ATTO-TEC GmbH commits to protect your privacy and therefore uses technologies that enable an efficient and at the same time safe online use. This Privacy Policy pertains to the website of ATTO-TEC GmbH and regulates the collection and use of your personal data.

By using the ATTO-TEC GmbH website, you agree to accept procedures described below.

Collection of your personal data

ATTO-TEC GmbH collects and stores the data of our customers only to the extent to which it is necessary for a regulated business operation, predominantly your ordering process in our web shop. This stored data include particularly all the information we are obliged to process and store due to legal regulations for accounting and bookkeeping purposes.

ATTO-TEC GmbH stores personal data such as email address, name, address and telephone number. Your personal data will be stored by ATTO-TEC GmbH only if you enter it voluntarily at registration as a customer on our website ATTO-TEC GmbH stores this data with your consent as your personal profile so that you can comfortably register with your user name and password for future visits at www.atto-tec.com at any time. This has the advantage that you do not have to re-type your address every time you place an order.

In the following you can object to the utilization of this data and exclude such use for the future. In this case your personal data stored by ATTO-TEC GmbH will be deleted. However, in this case, a new and complete registration with every order is necessary. According to the rules of the German Teleservices Act (“Telemediengesetz”) and German Federal Data Protection Act (“Bundesdatenschutzgesetz”) you have the right to obtain information regarding personal data stored by ATTO-TEC GmbH on request and at no cost. Furthermore, you have the right to the correction, barring and/or deletion of your personal data stored by ATTO-TEC GmbH. If you have questions with regard to the content of this Privacy Policy and/or would like to exercise your legal rights to the correction, barring and deletion of this data, please contact our specialist at info@atto-tec.com.

If you disclose your personal data to ATTO-TEC GmbH only for the purpose of taking part in a competition, this data will only be stored and used for the proper execution of the concerned competition. We will not pass on this personal data, including the address and email address, to third parties without your consent except to logistics companies to whom we submit the required data in the case of a win.

As soon as the competition is finished and all prizes are delivered, all data stored only for the purpose of participating in the competition, will be deleted. You can revoke the declaration of consent required to participate in competitions of ATTO-TEC GmbH individually or entirely by sending a corresponding declaration to ATTO-TEC GmbH, Am Eichenhang 50, 57076 Siegen, GERMANY or by email to info@atto-tec.com at any time with immediate effect in the future.

ATTO-TEC GmbH also stores anonymous demographical information that is not clearly related to you such as postal code, age, gender, interests and favorites.

Some details about your computer hardware and software are collected automatically by ATTO-TEC GmbH, including your IP address, the type of your browser, your domain name, the access time and the pages of interest. These details are used by ATTO-TEC GmbH in order to maintain the quality of service and to create general statistics concerning ATTO-TEC GmbH. Persons under the age of 18 should not transmit personal data to ATTO-TEC GmbH without the consent of their parents or legal guardians. We do not request, collect and pass on personal data from children and youths to third parties. The website www.atto-tec.com does not offer any products for sale to minors.

Please keep in mind that personal data you publish in publicly accessible areas such as guest books etc. can be misused by other users.

Note: ATTO-TEC GmbH does not read your private online communication. ATTO-TEC GmbH requests you to check the Privacy Policy of the websites which ATTO-TEC GmbH links to so that you understand how these websites store and use your personal data. ATTO-TEC GmbH is not responsible for the Privacy Policy of other websites out of ATTO-TEC GmbH.

Using your personal data

ATTO-TEC GmbH stores and uses your personal information in order to manage the ATTO-TEC GmbH website and offer the desired level of services. ATTO-TEC GmbH also uses your personal data in order to inform you about new products and services of ATTO-TEC GmbH.

ATTO-TEC GmbH will neither sell its customer list to third parties nor rent it. ATTO-TEC GmbH may occasionally inform you on behalf of other business partners about a specific offer that may be of interest to you. In such a case, your personal details including email address, name or telephone number are never released to a third party.

ATTO-TEC GmbH will not disclose sensitive personal data such as race, religion or political attitude. ATTO-TEC GmbH keeps track of your visit within the websites of ATTO-TEC GmbH in order to determine what services are most popular. This data can be used do deliver customized content. This shall apply to visitors with a specific interest.

Disclosure of personal data

On presentation of a judicial order ATTO-TEC GmbH will pass on your personal data to the investigating authorities without informing you. We also reserve the right to use your personal data for judicial arguments, should we see ourselves impelled to do so.

Use of cookies

ATTO-TEC GmbH uses cookies to facilitate usability. A cookie is a text file which is stored by a server on your PC’s hard drive. Cookies cannot be used to run programs or spread viruses. Cookies are personally attributed to you and can only be read from a web server in the domain you have established. One of the main reasons for the use of cookies is to facilitate convenient use of the website and to save time. The purpose of a cookie is to tell the web server that you have returned to a specific page. This is, for instance, the case if you register at ATTO-TEC GmbH The online cookie helps ATTO-TEC GmbH to re-use specific data for future visits. This should help you in entering your personal data such as invoice and delivery address.

If you return to the same ATTO-TEC GmbH website, the information you previously provided can be retrieved and is available. That way the properties of ATTO-TEC GmbH can be customized. You have the option to accept or reject cookies. Most web browsers accept these cookies automatically, but you can configure your browser in such way as to store only the cookies of your preferred websites. Should you decide to reject the use of cookies, it may occur that your use of interactive offers at ATTO-TEC GmbH is no longer possible.

Safety of your personal data

ATTO-TEC GmbH protects your personal data from unauthorized access, use or disclosure. ATTO-TEC GmbH secures the personal information you provide on the server in a controlled and secure environment protected from unauthorized access and disclosure. If safety-related personal data such as credit card numbers are transmitted to other websites, you will be protected by encryption “Secure Socket Layer” (SSL).

Responsible Authority

The responsible entity in the sense of the German Federal Data Protection Act (”Bundesdatenschutzgesetz”) is ATTO-TEC GmbH, Am Eichenhang 50, 57076 Siegen, GERMANY. You can find further information in the imprint.

Changes of this Privacy Policy

ATTO-TEC GmbH reserves the right to update the Privacy Policy if required in order to adapt it to customer feedback as well as to legal and social changes. ATTO-TEC GmbH will inform you about these changes on the website or by email. The changes become valid provided that you do not submit a written appeal to ATTO-TEC GmbH within four weeks.

Contact

ATTO-TEC GmbH welcomes any feedback concerning this Privacy Policy. If you have any questions or suggestions, please contact info@atto-tec.com. We will get in touch with you as soon as possible. You will find our address and telephone number for written or personal contact in the imprint of the website.

II. Rights of data subjects

Provided your personal data is processed, you are considered the data subject as per GDPR and are entitled to the the rights listed below with regard to the processor.

1. Right to be informed You can demand a confirmation of whether personal data related to you is processed. Should this be the case, you can demand the following information: (1) The purposes for which the personal data is processed; (2) The categories of the personal data processed; (3) The recipients/categories of recipients receiving the personal data related to you; (4) The planned storage period for the personal data related to you or, if no concrete information is possible, criteria for determining the storage period; (5) Existence of a right to rectification or erasure of the personal data related to you, a right to restrict processing by the processor, or a right to object to this processing; (6) The existence of a right to appeal to the authorities. (7) All available information on the origin of the data if the personal data is not collected from the associated individual; (8) The existence of an automated decision making solution including profiling, as per Art. 22 Sec. 1 and 4 GDPR and – at least in these cases – meaningful information on the involved logic as well as the reach and target effect of such processing for the concerned individual.

You have the right to be informed of whether the personal data related to you is transmitted to a third country or an international organization. In this context, you can request to be informed of appropriate safeguards as per Art. 46 GDPR in conjunction with the transmission of your data.

2. Right to rectification You have the right to rectification and/or completion provided the processed personal data related to you is incorrect or incomplete. The data processor must promptly rectify the issue.

3. Right to restrict processing You can exercise your right to restrict processing of the personal data related to you provided the following conditions are met: (1) If you dispute the accuracy of the personal data related to you for a period that enables the processor to verify the accuracy of the data; (2) Processing is wrongful and you reject the deletion of your personal data, instead exercising your right to restrict the use of your personal data; (3) The processor no longer requires the personal data for processing, but you need it to assert, exercise, or defend legal claims. (4) If you have exercised your right to object to processing as per Art. 21 Sec. 1 GDPR and it has not been determined whether the the legitimate interest of the processor outweigh your interest.

If processing of the personal data related to you has been restricted, this data may only be processed (besides storage) with your express consent or to assert, exercise, or defend legal claims, or to protect the rights of other natural or legal persons, or for reasons of an important public interest of the European Union or a member state.

If restriction of processing was lifted based on the requirements above, you will be notified by the processor before this restriction is lifted.

4. Right to erasure

a) Obligation of erasure You can demand the processor to delete any personal data related to you right away and the processor is required to delete this data provided one of the following reasons applies: (1) The personal data related to you is no longer needed for the purpose for which it was collected or processed in any other way. (2) You withdraw your consent for processing based on Art. 6 Sec. 1 a or Art. 9 Sec. 2 a GDPR and there is no other legal basis for processing. (3) As per Art. 21 Sec. 1 GDPR, you object to processing and there are no superior legitimate reasons for processing; or, you object to processing as per Art. 21 Sec. 2 GDPR. (4) The personal data related to you was processed unlawfully. (5) Deletion of the personal data related to you is required to fulfil a legal obligation in line with EU law or law of member states to which the processor is subject. (6) The personal data related to you was collected as per Art. 8 Sec. 1 GDPR with regard to the services offered by the information society.

b) Information to third parties If the processor has published your personal data and is obligated to delete this data as per Art. 17 Sec. 1 GDPR, the processor shall take suitable measures taking into account the available technology and implementation costs, including those of a technical nature, to inform the processor responsible for processing the personal data that you as data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions The right to erasure does not apply if processing is required (1) to exercise the right to free expression of opinion and information; (2) to meet a legal obligation requiring processing in accordance with the law of the European Union or a member state to which the processor is subject, or to carry out a duty in the public interest or in exercising official authority assigned to the processor; (3) for reasons of public interest in the area of public health as per Art. 9 Sec. 2 h as well as Art. 9 Sec. 3 GDPR; (4) for archiving purposes in the public interest, economic or historical research purposes, or for statistical purposes as per Art. 89 Sec. 1 GDPR provided that the right named in a) is not expected to render attainment of the objectives of this agreement impossible or have a serious negative effect, or (5) To assert, exercise, or defend legal claims.

5. Right to be informed If you have exercised your right to rectification, erasure, or to restrict processing vis-à-vis the processor, the processor is obligated to notify all recipients to which your personal data was disclosed of rectification or deletion of the data, or restriction to its processing, unless this proves to be impossible or requires a disproportional amount of effort. You have the right to be informed of these recipients by the processor.

6. Right to data portability You have the right to receive the personal data related to you that you have provided to the processor in a structured, commonly used, machine-readable format. In addition, you have the right to pass on this data to another processor without interference of the processor to which you have provided the personal data, provided (1) Processing is based on consent as per Art. 6 Sec. 1 a GDPR or Art. 9 Sec. 2 a GDPR, or on a contract as per Art. 6 Sec. 1 b GDPR and (2) Processing is carried out by automated processes.

In exercising this right, you also have the right to demand your personal data be transferred directly from one processor to another processor, provided this is technically feasible. This must not negatively affect the freedoms and rights of other individuals.

The right to data portability does not apply to processing of personal data required or to carry out a duty in the public interest or in exercising official authority assigned to the processor.

7. Right to object You have the right to object to the processing of your personal data based on Art. 6 Sec. 1 e or f GDPR for reasons resulting from your particular situation at any time; this also applies to profiling based on these provisions.

If the personal data related to you is processed to carry out direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling provided directly related to such direct advertising.

If you object to processing for purposes of direct advertising, your personal data will no longer be processed for this purpose.

You have the option to exercise your right to object by means of an automated process which uses technical specifications in connection with the use of services provided by the information society, directive 2002/58/EC notwithstanding.

8. Right to withdraw consent to use of data You have the right to withdraw your consent to the use of your data at any time. Withdrawing your consent does not affect the lawfulness of the processing taking place based on your consent up to withdrawal.

9. Automated decision including profiling in individual cases You have the right to not be subjected to a decision based solely on automated processing, including profiling, that has a legal effect on you or affects you significantly in a similar manner. This does not apply if the decision (1) Is required to conclude or fulfil a contract between you and the processor, (2) Is permissible based on legal provisions of the European Union or a member state to which the processor is subject and these legal provisions contain suitable measures to protect your rights and freedoms as well as your legitimate interests, or (3) Is carried out with your express permission.

However, these decisions shall not be based on special categories of personal data as per Art. 9 Sec. 1 GDPR provided Art. 9 Sec. 2 a GDPR applies and suitable measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases named in (1) and (3), the processor shall take appropriate measures to ensure your rights and freedoms as well as your legitimate interests, including at least the right to request an individual on the side of the processor to intervene, to present your own position, and to contest the decision.

10. Right to appeal to the authorities Notwithstanding any other administrative or judicial decision, you have the right to appeal to the authorities, especially in the member state where you are located, your workplace, or the location of the alleged violation if you believe that the processing of your personal data is in violation of GDPR.

The authority receiving the appeal shall inform the appealing party of the status and result of the appeal, including the option for a legal decision as per Art. 78 GDPR.